Online Armor Free

Discussion in 'other firewalls' started by MikeNash, Oct 11, 2007.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Just do as it is advised in the prompt. If you trust this program press "remember" and "allow". If not, then remove it from your computer :)

    But in general, OLE implementation is one of the most mysterious MS things. Especially when it comes to the kernel level, where OA moved by the "public opinion" pressure.

    Though, I failed to reproduce this effect. What OS do you run? Maybe you have some third-party shell extensions?
     
    Last edited: Oct 24, 2007
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Aigle and Alex are exactly right. However - OA was moved to the kernel not for Public Pressure, but for security :)
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    So no options to globally disable OLE attempts check in OA?
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I think this would be against OA concept. But you can disable OLE (and many other checks) by setting application trusted. This gives you a way to avoid extra checks and guarantees that any unknown application is carefully tracked for suspicious actions.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Not against, it's a feature now coming in HIPS, that u can disable/enable any rule globally. I find it both in EQS and NG.
     
  6. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Then it is not against their concept :)
    But .. do you have any other argument on what this feature is for, aside from "it is implemented there and there"? I think if you find valid arguments and present them to Mike it can be easily and quickly implemented. Though, do not expect that every "I want.." will be welcomed, as long as in this case a program will go quite complex and thus less usable pretty fast. As far as I see for now OA is being tried to keep as simple as possible for the inexperienced user, and at the same time to provide the maximum security level (especially with a default setup).
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Last edited: Oct 24, 2007
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Um, it happens with a lot of programs - more than I care to deal with. That's why I'm asking.

    I guess it must be an issue on my machine. I have loads of third party extensions so I'll have to weed through them to find the culprit.
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi there,

    I think we need to put a bit of time into the whitelist...

    Mike
     
  10. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Mike, does OA Free add the registry entry MCHINJDRV to the Legacy Drivers area of the registry, or any other mchinjdrv registry entries that programs like a-squared and I believe ThreatFire does? I know they have to do with rootkit detection. The reason I ask is I uninstalled a-squared recently and want to delete those registry keys, but not if any belong to OA Free. Thanks.
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Mike:

    I'm not sure.

    OA has its trusted list, each user (that means me as well) should they not go through their own list at set up time and indicate trust or not? Thus modifying the list to their configuration?

    It seems to me that it is impossible to build one white list fits all. It could have all the xp services, and programs that are to be trusted and I think it does!

    I must be missing the point.

    I thought a HIPS is supposed to challenge the unknown programs the user provides the correct response and their system then "learns" what else it has to trust?
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Escalader,

    OA's objective is to provide (as simply as possible) a broad spectrum of security - without toooo many popups. It's designed to help prevent *bad* software running and taking control, using the internet, etc.

    This is relevant to whitelists. For example, ICQ is a safe program (in other words, it's not spyware, malware or adware). So is Yahoo. So is MS Word, Excel, the avira updater and so on. So, if we recognise one of these safe programs - we don't throw a popup.

    The reason for this is quite simple - we're trying to make a suite that anyone can use (and I know, we're not there yet!) and that means reducing popups.

    My ideal situation is this: Online Armor recognises every safe program out there, in every version - and you never receive a prompt for it. We have a long way to go to get there, but that's the mission.

    Of course, users can still configure OA to their preference - and that's not going to be removed... but the objective is to make it so that only people who want to, have to.


    Mike
     
  13. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Rules or no rules?

    The problem with an enormous thread like this one is that conflicting information will pop up.

    I'm trying to find out exactly what the free OA will or won't do with firewall rules, without installing and testing the thing. Mike says that it will do anything. Other posters say that it won't do rules. The web site says that rules are part of the advanced mode, which is not included.

    Looking for a user's manual, I find nothing (maybe I'm blind). Why would I install a firewall (free or paid), if I don't know what it's doing? Firewalls are serious business, unless you only use your computer for testing, gaming and video. How can OA (full or free) compete with Comodo without a user's manual?

    Cheers
     
  14. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I can hardly imagine how FW can work without rules. Surely, there are rules. But those rules are not so flexible in a free version as they are in commercial. For example, you cannot set address filters, blacklists, country filters, change ICMP policy, restricted ports policy. But you can setup application-oriented rules for proto and ports which is quite enough in most cases to provide easy and secure way to setup a network policy for inexperienced user.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    I think FW is good for novice with simple application based mode.

    I want to ask one Q from Mike?
    Does run safer mode inherit permissions to the child processes? Say I am running IE under Run safer of OA and I download an executable via IE or IE gets a drive-by download. Now when this new executable will be executed, will it run with limited privileges as well?

    Thanks
     
  16. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    OA Free will allow normal rules to be created (and there is a help file for it, which we are updating again). However, certain things (blacklists, endpoint restrictions based on country, ip address) are only available in OA Full.

    Please remember, OA has gone from concept to release in just over a week. We're a bit behind on getting some things done (userguide update being one of them) - but feel free to wander over to our forum and ask any questions you like... we also have a "what would you like to see in the userguide" thread.
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Yes, it will. This is actually why I made it NOT be the default, because people would download a legitimate file from OA, try to install it - and get upset when it didn't work.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    How u can run this installer as trusted then? Thanks
     
  19. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Simply don't launch it with IE.

    So, if you saved the file to desktop, and then executed it - it would run at current privs of the logged in user, unless you chose to run it safer.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    U mean if it's executed by explorer.exe, it will be treated as trusted?
     
  21. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    876
    Location:
    Turkey/İzmir
    If you are interested, I asked the 'run safer' question in another thread and Mike answered like this: "It used to be turned on automatically for programs such as Internet Explorer, ICQ, Yahoo, etc - but now we made it so you manually have to do it.

    The reason is - when IE is running in a restricted mode, it can't do things like save to c:\ (root) - or, alternatively, if you download an EXE and run directly from IE (don't do a save-as) then it inherits restricted permissions as well. These are useful things - but if you are not expecting it, it looks like a problem.

    (for example, you don't want IE to run EXEs with admin rights - and if you want to download something, save it first - then run it from the desktop)

    This was causing people confusion. To turn on RunSafer for IE, open it up in "My Programs" - right click to get the advanced options on the entry for IE and check "Run Safer"."
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Thanks for the detailed reply.
     
  23. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    No, in that case it would be treated as unknown, but would not automatically run safer.

    Let me explain. In Online Armor, we have four main classifications of program:

    1. Trusted - Trusted programs are known to be safe, and so they are monitored less than other programs. We don't ask for things like global hooks or other things from this program (we know it is safe).

    2. NotTrusted - These are programs that our lawyer would have me say are "potentially unwanted" , but, basically your junk, malware, spyware, adware.

    3. Unknown - we have no clue. It's not Trusted, and it's not dangerous. Really, we don't have a clue, we haven't classified it.

    4. Allowed - An allowed program is basically an Unknown program that a user has given permission to run.

    RunSafer can be turned on for ANY program. For example, even though IE is trusted - it can be made to run safer. On the "An unknown program wants to run" - you have the option to run that program Safer.

    The idea behind runsafer is basically this:

    a) If you're not sure - allow it, and run safer. This will limit damage that it will do in the event that you have just allowed a piece of malware.

    b) EVEN IF you know what it is, but it has a less than stellar security reputation (for example, IE, Word, Excel, and so on) then you can still run it as a limited user to prevent/mitigate any damage done if the program is exploited.

    On my pc at home I have FF, IE, ICQ, Yahoo, MSN and all internet-facing apps running "Safer". Just in case. If one of these apps is compromised and starts another process, then the sub process would start with lowered rights (assuming, the user allowed it to run, or it theoretically got past OA, or it was a trusted process)

    So - to summarise - the trust status of the program controls OA's behaviour (do we allow it to run, and if it requests things like memory access do we prompt or allow).

    The runsafer part is basically an option (for any type of program) to run as if you were in a non-admin account.

    Hope this helps.


    Mike
     
  24. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Mike,
    I'm not complaining, just helping you to get the marketing efforts in place. ;)
    More questions: "will allow" means that the final free version isn't available yet? When will it be possible to download help file or user guide?

    Cheers
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    OAFree final version is out, but we're already working on the next release. I'm just about to go to sleep (nearly midnight) - but I will post up the OA Help file when I get to the office tomorrow..
     